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DETAILED ACTION 

Response to Arguments 

1 . Applicant's amendment of the independent claims 1,13 and 20, reflects the 
limitation "server off-loads a computation burden associated with the cryptographic 
service from the client". Applicant continues to argue that McGravey does not teach off- 
loading of a cryptographic service from a client to a server. Examiner respectfully 
disagrees and points out, that McGravey teaches that the server tunnels all the client 
information on to the private key system as shown in Fig. 3. Therefore, the server off- 
loads the cryptographic service from the client 300. 

2. Applicant states that examiner may have confused the difference between a 
cryptographic service and the cryptographic operations. Examiner points out that he is 
applying a broad but reasonable interpretation of the claims. In light of that a 
cryptographic service is equated with the encryption of the data received from the client 
at the server as taught in McGravey. Examiner respectfully maintains his position that 
McGravey does teach a "cryptographic service" performed at the server for the client. 

3. Applicant further argues that nothing in McGravey teaches to one skilled in the art 
a suggestion to modify McGravey to include a network server that provides 
cryptographic services to a client. 

Examiner respectfully disagrees and points out that McGravey himself teaches 
providing cryptographic services at the server (see Fig. 6). McGravey teaches that the 
session key(s) are sent 607 (in Fig. 6) from the private key system to the server to 
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enable the server to decrypt data requests coming in from the client and to encrypt the 
resulting messages to the client (see column 10, lines 33-36), which meets the limitation 
"cryptographic services". 

Examiner also points out that while McGravey states that the server tunnels all the 
client information on to the private key system as shown at 602, McGarvey does not 
explicitly teach generating a tunnel on the network and utilizing the tunnel for sending 
information form the client to the server. Kirby discloses transferring encrypted packets 
over a public network (see abstract). Kirby teaches that the policy id field is used to 
create tunnels 140, 142 between firewall computers 146, 148 on internet 152 (see 
Fig.8). When computer 146 receives a network packet, it checks the policy id to 
determine which "tunnel" the packet came through. The tunnel indicates the type of 
encryption algorithm used to encrypt the packet (see column 5, lines 36-42). 
Examiner maintains that one of ordinary skill in the art would have been motivated to 
receive information at the server from the client utilizing the tunnel as taught in Kirby for 
determining the type of encryption algorithm used to encrypt the packet (see Kirby 
column 5, lines 36-42). Therefore the combination of teachings of McGravey and Kirby 
renders the instant claims obvious. 

4. Applicant also states that prior to his invention there were no cryptographic 
servers and cryptographic operations were performed on the computer that needed the 
operation to be accomplished. Examiner disagrees with this assessment of the prior art 
and points out that there are numerous systems wherein data is sent from one 
computer to another for encryption or decryption to be performed. One of ordinary skill 
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in the art would have equated perfornriing cryptographic operations at the remote 
location with the "cryptographic service", regarded by Applicant as an absolutely novel 
concept. 

5. The rejections of claims 1-3, 5-15 and 17-22 are maintained. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-3, 5-15 and 17-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over McGravey (U.S. Patent No. 6.643.774 B1) in view of Kirby (U.S. Patent No. 

5.898.784). 

7. Referring to the instant claims, McGravey discloses a method for delegating 
authority in a public key authentication environment from a client to a server machine or 
process, in order that the server machine or process can then securely access 
resources and securely perform tasks on behalf of the client (see abstract). 
McGravey shows in Fig. 6 that the client sends an initial request at 601 , comprising a 
nonce (noncel) and a request for the server's certificate. The server forwards or tunnels 
all the client information received from the client during the handshaking process on to 
the private key system as shown at 602. The private key system now has the noncel 
(from the client), and the original request from the client. The private key system 



Application/Control Number: 09/596,652 Page 5 

Art Unit: 2132 

responds 603 by sending a signed noncel , a nonce2, and the private key system's 
certificate (identified in FIG. 6 as the security certificate) to the server. The server then 
forwards 604 this information to the client. The client then responds 605 by sending a 
signed nonce2 and the client certificate to the server. The server forwards 606 or 
tunnels this information to the private key system. 

8. Referring to the independent claims 1,13 and 20, the limitation "identifying a client 
utilizing the network" is met by the client, which sends an initial request at 601, 
comprising a nonce (noncel) and a request for the server's certificate (see Fig.6). 
The limitation "receiving information at the server from the client ... wherein the 
information is encrypted by the client using the first key and performing cryptographic 
service at the server" is met by the private key system (i.e. client connected to the 
server) sending a signed noncel, a nonce2, and the private key system's certificate 
(identified in FIG. 6 as the security certificate) to the server. The limitation "server off- 
loads a computation burden associated with the cryptographic service from the client" is 
met by teaching of McGravey that the server tunnels all the client information on to the 
private key system as shown at 602, thereby off-loading the cryptographic service from 
the client. 

While McGravey states that the server tunnels all the client information on to the private 
key system as shown at 602, McGarvey does not explicitly teach generating a tunnel on 
the network and utilizing the tunnel for sending information form the client to the server. 

Referring to the instant claims, Kirby discloses transferring encrypted packets over a 
public network (see abstract). Kirby teaches that the policy id field is used to create 
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tunnels 140, 142 between firewall computers 146, 148 on internet 152 (see Fig.8). 
When computer 146 receives a networl< packet, it checks the policy id to determine 
which "tunnel" the packet came through. The tunnel indicates the type of encryption 
algorithm used to encrypt the packet (see column 5, lines 36-42). Therefore, at the time 
the invention was made, it would have been obvious to one of ordinary skill in the art to 
receive information at the server from the client of McGravey utilizing the tunnel as 
taught in Kirby. One of ordinary skill in the art would have been motivated to receive 
information at the server from the client utilizing the tunnel as taught In Kirby for 
determining the type of encryption algorithm used to encrypt the packet (see column 5, 
lines 36-42). 

9. Referring to claims 3, 15 and 21 , McGravey teaches sending a signed noncel, a 
nonce2 (see Fig.6), which meets the limitation "key comprises at least one parameter 
for the cryptographic service performed by the server". 

1 0. Referring to claims 5, it is well known in the art to perform modular exponentiation 
at the server. One of ordinary skill in the art would have been motivated to perform 
modular exponentiation at the server in order not to reveal the client secret to the 
server. 

1 1 . Referring to claims 6 and 1 8, "transmitting the cryptographic service result to the 
client" is met by the server, which sends 610 the session credential and a request for 
the ticket(s) to the private key system (see Fig.6). 

12. Referring to claim 22, it is well know in the art to have the message blinded by the 
user before transmittal to the server. One of ordinary skill in the art would have been 
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motivated to have the message blinded prior to transmission for security in case of 
interception. 

Conclusion 

1 3. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Grigory Gurshman whose telephone number is 
(571 )272-3803. The examiner can normally be reached on 9 AM-5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571)272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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